Mitigating Apache Camel Vulnerability CVE-2025-27636 with F5 Products

Apache Camel recently published the vulnerability CVE-2025-27636 (https://nvd.nist.gov/vuln/detail/CVE-2025-27636).

As always, F5 is here to support customers and provide mitigation for this vulnerability.

Apache Camel is a free tool that helps developers connect different systems and apps. It does this by using enterprise integration patterns (EIPs). Because it is widely used in enterprise environments, it is a tempting target for malicious actors.

To mitigate this vulnerability for your web application with F5 products, follow the steps below.

For F5 WAF products:

  • Assign signature 200016013 to the security policy. The signature is part of signature update ASM-AttackSignatures_20250309_023422.im.
  • Make sure your policy is in blocking mode and signature 200016013 is enforced.

To check the status of the policy:

  1. Go to Security > Application Security > Security Policies > Policies List and select the policy.
  2. Under policy configuration, select General Settings and look for Enforcement Mode under Learning and Blocking.
  3. If the policy is not in blocking mode, change the enforcement mode to blocking.
  4. To apply the changes, save and apply the policy.

To check the status of the signature:

  1. Go to Security > Application Security > Security Policies > Policies List and select the policy.
  2. Under policy configuration, select Attack Signatures, then click the filter and search for signature ID "200016013".
  3. Make sure the signature is not disabled or in staging. If the signature is not enforced, you can enforce it by selecting the signature and clicking the Enforce button. For detailed information, see https://techdocs.f5.com/en-us/bigip-14-1-0/big-ip-asm-attack-and-bot-signatures-14-1-0/assigning-attack-signatures-to-security-policies.html
  4. To apply the changes, save and apply the policy.
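
When many policies need the same two checks, they can be scripted against exported policy data. The Python below is an added example, not F5 code and not part of the original article: it evaluates records shaped like BIG-IP iControl REST output, and the field names (`enforcementMode`, `enabled`, `performStaging`, `signatureReference.signatureId`) and the sample records are assumptions constructed for illustration.

```python
import json

SIGNATURE_ID = 200016013  # attack signature ID named in the article

# Constructed sample records; field names are assumed to follow iControl REST.
SAMPLE_POLICY = json.loads('{"name": "app1_policy", "enforcementMode": "transparent"}')
SAMPLE_SIGNATURES = json.loads("""[
  {"signatureReference": {"signatureId": 200000001}, "enabled": true,  "performStaging": false},
  {"signatureReference": {"signatureId": 200016013}, "enabled": true,  "performStaging": true}
]""")


def audit_policy(policy, policy_signatures, signature_id=SIGNATURE_ID):
    """Return findings for one policy; an empty list means every check passed."""
    findings = []

    # Check 1: the policy itself must be in blocking mode.
    mode = policy.get("enforcementMode")
    if mode != "blocking":
        findings.append(f"enforcement mode is {mode!r}, expected 'blocking'")

    # Check 2: the signature must be assigned to the policy at all.
    entry = next(
        (s for s in policy_signatures
         if s.get("signatureReference", {}).get("signatureId") == signature_id),
        None,
    )
    if entry is None:
        findings.append(f"signature {signature_id} is not assigned to the policy")
        return findings

    # Check 3: an assigned signature only blocks when enabled and out of staging.
    # Missing fields are treated as failing so incomplete data is never reported as safe.
    if entry.get("enabled") is not True:
        findings.append(f"signature {signature_id} is disabled")
    if entry.get("performStaging") is not False:
        findings.append(f"signature {signature_id} is still in staging")
    return findings


if __name__ == "__main__":
    issues = audit_policy(SAMPLE_POLICY, SAMPLE_SIGNATURES)
    for issue in issues:
        print(f"{SAMPLE_POLICY['name']}: {issue}")
    if not issues:
        print(f"{SAMPLE_POLICY['name']}: OK")
```
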

Note:

 

For BIG-IP products (in case you don't have F5 WAF products):

To mitigate the CVE, apply the iRule available at https://my.f5.com/manage/s/article/K000150304

 

Published Mar 11, 2025
Version 1.0